Any user can completely delete their own account without authorization and/or going through any kind of membership cancellation protocol.
State Resolved (Closed)
Disclosed publicly 2018-09-12T14:40:16.556Z
Reported To
Weakness Improper Access Control - Generic
Bounty

Summary by s3cur3

A security researcher identified an endpoint that allowed Shipt Members to delete their own account by intercepting an HTTP request, changing the HTTP method to DELETE, and forwarding the request, bypassing the normal membership cancellation protocol. This endpoint did not allow for modifying other members' accounts and was self-exploitable only. However, this issue could have impacted business operations and metrics, so Shipt re-opened the report and Shipt engineers implemented a fix. The researcher validated the fix.
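As an added illustration (not Shipt's code and not taken from the report): a minimal model of the member-account resource, with the pre-fix behaviour beside a fixed handler that honours DELETE only after an assumed cancellation flow has marked the account cancelled; every name, state and status code here is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Account:
    member_id: int
    status: str = "active"   # becomes "cancelled" only via the cancellation flow
    deleted: bool = False

def cancel_membership(accounts: dict, member_id: int) -> int:
    """Stands in for the normal membership cancellation protocol (assumed)."""
    acct = accounts.get(member_id)
    if acct is None:
        return 404
    acct.status = "cancelled"
    return 200

def _authorize(accounts, actor_id, member_id):
    """Shared lookup/ownership check; returns (account, error_status)."""
    acct = accounts.get(member_id)
    if acct is None:
        return None, 404
    if actor_id != member_id:   # other members' accounts were never reachable
        return None, 403
    return acct, None

def handle_vulnerable(accounts: dict, actor_id: int, method: str, member_id: int) -> int:
    """Before the fix: DELETE is honoured for the owner unconditionally, so a
    request re-sent with method DELETE removes the account with no cancellation step."""
    acct, err = _authorize(accounts, actor_id, member_id)
    if err:
        return err
    if method == "GET":
        return 200
    if method == "DELETE":
        acct.deleted = True
        return 204
    return 405

def handle_fixed(accounts: dict, actor_id: int, method: str, member_id: int) -> int:
    """After the fix: DELETE is honoured only once the cancellation protocol has
    marked the account cancelled; any other state is refused with 409."""
    acct, err = _authorize(accounts, actor_id, member_id)
    if err:
        return err
    if method == "GET":
        return 200
    if method == "DELETE":
        if acct.status != "cancelled":
            return 409
        acct.deleted = True
        return 204
    return 405
```

The 409 path is also the event worth alerting on: a DELETE arriving for an account that never entered the cancellation flow is exactly the pattern the report describes.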

Timeline
submitted a report to Shipt.
2018-02-19T06:55:25.235Z

Regards,
Frans

  • 0 attachments:
glassofbeer Activities::BugInformative
2018-02-21T02:46:05.754Z


s3cur3 Activities::Comment
2018-02-21T07:48:42.247Z


shiptsecurity1 Activities::ReportSeverityUpdated
2018-07-31T20:16:47.444Z


shiptsecurity1 Activities::BugReopened
2018-07-31T20:16:55.365Z


shiptsecurity1 Activities::BugResolved
2018-08-02T08:48:48.005Z


Activities::NotEligibleForBounty
2018-08-06T23:03:33.067Z


s3cur3 Activities::AgreedOnGoingPublic
2018-09-03T13:22:01.766Z


shiptsecurity1 Activities::AgreedOnGoingPublic
2018-09-12T14:40:16.378Z


shiptsecurity1 Activities::ReportBecamePublic
2018-09-12T14:40:16.598Z